From: Shyam Shrivastav
Date: Wed, 15 Aug 2018 20:32:14 +0530
To: Konstantinos Schoinas
Cc: users
Subject: Re: [dpdk-users] Sequence Number /More info on the Subject

One obvious error that I can see in reply tcp segment is

th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));

You need to acknowledge just the tcp payload which is

{ send seq + iphdr->total_length - (IP header len) - (TCP header len) }

On Wed, Aug 15, 2018 at 7:47 PM, Konstantinos Schoinas wrote:

> On 2018-08-15 12:22, Konstantinos Schoinas wrote:
>
>> -------- Original message --------
>> Subject: Sequence Number
>> Date: 2018-08-15 12:21
>> From: Konstantinos Schoinas
>> To: users
>>
>> Hello,
>>
>> I am building an application that blocks a TLS session if I find a specific
>> forbidden Server Name Indication.
>> According to the RFC I must make a response with Fatal Error (2)
>> unrecognized name (112).
>>
>> When I receive the Client Hello, and after I extract the SNI and check
>> it against a black list, I process the Client Hello in order to
>> respond to the client and terminate the session.
>>
>> However, I am getting a lot of retransmitted packets in Wireshark, so I
>> suppose I am doing something wrong.
>>
>> I think I might have the seq and ack numbers wrong or something. If anyone
>> could help I would appreciate it.
>> Here is the processing of the packet after I check for the forbidden SNI:
>>
>> uint32_t client_receive_ack = ntohl(th->recv_ack);
>> uint32_t client_send_seq = ntohl(th->sent_seq);
>>
>> th->sent_seq = th->recv_ack;
>> th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));
>>
>> uint16_t l = ntohs(ssl->length) - 0x02;
>> uint16_t ip_l = ntohs(iphdr->total_length) - l;
>>
>> rte_pktmbuf_trim(m, l);
>> iphdr->total_length = htons(ip_l);
>> ssl->length = htons(2);
>>
>> alert = (struct Alert *)((uint8_t *)ssl + 5);
>>
>> iphdr->src_addr = dst_ip;
>> iphdr->dst_addr = src_ip;
>> th->src_port = dst_port;
>> th->dst_port = src_port;
>> ssl->type = 21;            // alert message
>> alert->type = 2;           // fatal error
>> alert->description = 112;  // Unrecognized name
>>
>> iphdr->hdr_checksum = 0;
>> th->cksum = 0;
>> iphdr->hdr_checksum = rte_ipv4_cksum(iphdr);
>>
>> th->cksum = rte_ipv4_udptcp_cksum(iphdr, th);
>>
>> Thanks for your time
>
> I wanted to give some more information on the subject. I am adding a
> picture of Wireshark with the mail to give more info. The problem with the
> retransmitted packet is that it doesn't end the TLS session even though I am
> sending a fatal-error alert with DPDK.
>
> I believe that I am doing something wrong in the processing of the Client
> Hello, so it doesn't have the right format to be recognized by the client
> and end the TLS session.
>
> If you see my code above, I change the source and dest IP and port, and the
> seq and ack values. In addition I am cutting from the SSL record the data
> that it had and I am adding the alert message according to the RFC.
>
> Is there any field I must change according to DPDK?
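
The acknowledgement rule from the reply at the top of this message, as an added example (not code from the thread or from DPDK): the ACK advances by the TCP payload length only, and the header length fields are validated first so a malformed packet cannot underflow the subtraction. It goes slightly beyond the reply by also counting SYN and FIN, and it parses raw header bytes instead of DPDK structs; `tcp_payload_len`, `reply_ack`, `sample` and `SAMPLE_CAP` are names assumed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SAMPLE_CAP 512   /* size of the constructed sample buffer */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* pkt points at the IPv4 header, cap is the number of valid bytes there.
 * Returns the TCP payload length, or -1 if the length fields are inconsistent. */
int tcp_payload_len(const uint8_t *pkt, size_t cap)
{
    if (cap < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* IP header len */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];  /* iphdr->total_length */
    if (ihl < 20 || total > cap || total < ihl + 20)
        return -1;
    size_t thl = (size_t)(pkt[ihl + 12] >> 4) * 4;  /* TCP header len */
    if (thl < 20 || ihl + thl > total)
        return -1;
    return (int)(total - ihl - thl);
}

/* Host-order ACK number for a reply to this segment, or -1 if malformed. */
int64_t reply_ack(const uint8_t *pkt, size_t cap)
{
    int plen = tcp_payload_len(pkt, cap);
    if (plen < 0)
        return -1;
    const uint8_t *tcp = pkt + (size_t)(pkt[0] & 0x0f) * 4;
    /* SYN (0x02) and FIN (0x01) each consume one sequence number. */
    uint32_t consumed = (uint32_t)plen + ((tcp[13] >> 1) & 1u) + (tcp[13] & 1u);
    return (int64_t)(uint32_t)(be32(tcp + 4) + consumed);  /* wraps mod 2^32 */
}

/* Constructed sample segment: 20-byte IP header, TCP header of doff 32-bit words. */
const uint8_t *sample(uint32_t seq, uint16_t payload, uint8_t doff, uint8_t flags)
{
    static uint8_t b[SAMPLE_CAP];
    uint16_t total = (uint16_t)(20 + doff * 4 + payload);
    memset(b, 0, sizeof b);
    b[0] = 0x45; b[2] = (uint8_t)(total >> 8); b[3] = (uint8_t)total;
    b[24] = (uint8_t)(seq >> 24); b[25] = (uint8_t)(seq >> 16);
    b[26] = (uint8_t)(seq >> 8);  b[27] = (uint8_t)seq;
    b[32] = (uint8_t)(doff << 4); b[33] = flags;
    return b;
}
```

The value returned by `reply_ack` is in host byte order and still needs `htonl()` before it is stored in `th->recv_ack`.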